[log] HijackThis log that I got

Post by partyboy78 » Mon Oct 18, 2010 9:04 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.01.48, on 18/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Beppe\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0636430906
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63DCB9C-C6C6-4E60-86C8-BC68796EF54E}: NameServer = 85.37.17.14 85.38.28.78
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6498 bytes

[log] ComboFix log that I got

Post by partyboy78 » Mon Oct 18, 2010 9:06 pm

ComboFix 10-10-17.04 - Beppe 18/10/2010 19.54.54.13.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.359 [GMT 2:00]
Eseguito da: c:\documents and settings\Beppe\Documenti\Download\ComboFix.exe
AV: Sistema Antivirus NOD32 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: VIRUSfighter ver. 5.99 *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Trend Micro PC-cillin Internet Security *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\Color

.
((((((((((((((((((((((((( Files Creati Da 2010-09-18 al 2010-10-18 )))))))))))))))))))))))))))))))))))
.

2010-10-13 08:12 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-12 20:43 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 20:43 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 20:42 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-01 07:12 . 2010-10-01 07:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-09-30 06:55 . 2010-09-30 06:56 -------- d-----w- c:\programmi\DVD Decrypter
2010-09-29 21:05 . 2010-09-29 21:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-09-27 08:31 . 2010-09-14 23:06 23512 ----a-w- c:\programmi\Mozilla Firefox\components\browserdirprovider.dll
2010-09-27 08:31 . 2010-09-14 23:06 138712 ----a-w- c:\programmi\Mozilla Firefox\components\brwsrcmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-10 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-11-19 917504]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 07:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-31 15:09 136176 ----atw- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 13:21 246504 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
2008-01-10 12:17 1885464 ----a-w- c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
2008-08-25 13:44 1431816 ----a-w- c:\programmi\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uniblue SpyEraser"="c:\programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55556:UDP"= 55556:UDP:UDP
"55555:TCP"= 55555:TCP:TCP

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [05/09/2008 16.13.18 45440]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 is-CPSHNdrv;is-CPSHNdrv;c:\windows\system32\drivers\54650354.sys [27/10/2009 18.38.22 148496]
S1 is-LLM70drv;is-LLM70drv;c:\windows\system32\drivers\07980805.sys [24/10/2009 21.09.41 148496]
S1 is-R58B8drv;is-R58B8drv;c:\windows\system32\drivers\99745568.sys [27/10/2009 19.07.46 148496]
S3 2oNLdNc;2oNLdNc;c:\windows\system32\drivers\2oNLdNc.sys [09/11/2009 23.53.39 25216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19/01/2009 17.47.21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19/01/2009 17.47.24 8320]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [05/09/2008 16.13.18 56960]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 utmwnjq0;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utmwnjq0.sys --> c:\windows\system32\Drivers\utmwnjq0.sys [?]
S4 TmPfw;Trend Micro Personal Firewall; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-10-18 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1580436667-839522115-1004Core.job
- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-31 15:09]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1580436667-839522115-1004UA.job
- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-31 15:09]

2010-10-04 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\programmi\Uniblue\SpyEraser\SpyEraser.exe [2009-09-16 13:44]

2009-11-02 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\programmi\Uniblue\SpyEraser\SpyEraser.exe [2009-09-16 13:44]

2010-10-18 c:\windows\Tasks\User_Feed_Synchronization-{5E3EABF5-93D7-4BDA-8F12-80749F258036}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-10-18 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Beppe\Dati applicazioni\Mozilla\Firefox\Profiles\7voelaok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - plugin: c:\documents and settings\Beppe\Dati applicazioni\Mozilla\Firefox\Profiles\7voelaok.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Adobe ARM - c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-Uniblue SpeedUpMyPC - c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-117609710-1580436667-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14AAE74F-4F5F-FEBF-DAFC-B1CB01EE3EC6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jampjofbegkldelcjhga"=hex:62,61,61,6f,00,00
"jampjofbegkldelcjhca"=hex:62,61,61,6f,00,00
"iaminnjjpkmjblnilj"=hex:6b,61,62,6f,6b,67,66,6e,66,63,6c,69,64,63,61,70,69,6f,
61,69,70,6a,00,00
"hakkdpdcoenamjpe"=hex:6b,61,62,6f,6b,67,66,6e,67,63,66,70,70,62,6d,61,65,68,
6d,67,65,66,00,01
"haaafelfimnghdga"=hex:6e,61,66,6b,6d,64,6c,61,6e,65,6e,6a,6b,62,67,61,6a,61,
67,64,63,68,6c,6d,64,68,61,63,00,00
"jadaooidikecgjmpdike"=hex:64,62,65,6b,66,64,66,68,6d,65,6d,6e,69,62,61,6a,67,
66,64,6c,6c,64,63,6f,6e,65,6d,6d,70,62,63,6c,6b,65,65,6d,6b,6c,61,6e,00,cc

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{14AAE74F-4F5F-FEBF-DAFC-B1CB01EE3EC6}\InProcServer32*]
"kagjpofehomokngghkgkof"=hex:62,61,67,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-10-18 20:06:35
ComboFix-quarantined-files.txt 2010-10-18 18:06

Pre-Run: 1.985.400.832 byte disponibili
Post-Run: 2.077.433.856 byte disponibili

- - End Of File - - 67E432F1E0BDA1874F6BDF4E1594458A

Re: [log] ComboFix log that I got

Post by stevens » Mon Oct 18, 2010 10:11 pm

check these files on VirusTotal and post the report; there's going to be some sweating involved

c:\windows\system32\drivers\99745568.sys

c:\windows\system32\drivers\54650354.sys

c:\windows\system32\drivers\07980805.sys
Re: [log] HijackThis log that I got

Post by Uomo_Senza_Sonno » Mon Oct 18, 2010 10:20 pm

Hi, I was wondering why on earth you opened two threads when one would have been enough, perhaps explaining the problems you're seeing in as much detail as possible.
Obviously some things can be gathered from the log you posted, but before saying what is better to remove or not, it's best that you explain the problems you're complaining about.

Another thing: you need to put the text between the MEMO buttons, as described in this thread.

Re: [log] HijackThis log that I got

Post by The Doctor » Tue Oct 19, 2010 7:54 am

I merged the discussion into a single thread. I also fixed the memo tag.

@partyboy78: follow Uomo_Senza_Sonno's advice on the correct use of the tag [;)]

Re: [log] HijackThis log that I got

Post by Uomo_Senza_Sonno » Tue Oct 19, 2010 10:49 am

The Doctor wrote: I merged the discussion into a single thread. I also fixed the memo tag.

Thanks Doc, tidying up was really necessary. [:)]

@partyboy78
Explain to us as well as you can the problems your PC is showing; it is essential in order to give you the right support without wasting time and resources. What stevens said is not encouraging,

stevens wrote: check these files on VirusTotal and post the report; there's going to be some sweating involved

and if you don't explain to us what is wrong, it's like working (almost) blind.
[thanks] for your cooperation and enjoy your stay on [MLI]

Re: [log] HijackThis log that I got

Post by stevens » Tue Oct 19, 2010 10:58 am

What stevens said is not encouraging,

hi Uomo_Senza_Sonno, no, it's not encouraging; he has rootkit values on his PC

jampjofbegkldelcjhga

jampjofbegkldelcjhca

iaminnjjpkmjblnilj

hakkdpdcoenamjpe

haaafelfimnghdga

jadaooidikecgjmpdike

kagjpofehomokngghkgkof


if he checks those 3 files for me, we'll already have taken a step forward
Re: [log] HijackThis log that I got

Post by FDAC » Tue Oct 19, 2010 1:28 pm

And not only that:
AV: VIRUSfighter ver. 5.99 *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

VirusFighter is a rogue, a malicious antivirus.

There will be a lot of work to do.
Regards
megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising